Pavel Moravec has suggested changing the C++ Broker ACL syntax to use regular expressions. I think this is a great idea as it addresses a missing functionality in the current ACL wildcard syntax. I would like to elaborate on his proposal.
Plugging in his suggestion is not so straight forward:
1. It breaks the current ACL specifications.
name=tmp* would match "tm", "tmp", and "tmpp" but not "tmp2".
2. It requires a regex library such as boost::regex.
I propose to include regular expressions in the ACL property values match by:
1. Adding new keyword to the ACL file to control regex matching.
- This defaults to off and current ACL files are processed exactly as before.
- Whenever 'matchregex on' happens in the ACL file then subsequent rules are processed with the property value strings being regex match strings and not plain text strings.
- Regex matching can be turned off again with 'matchregex off'.
2. Boost_regex is added as a dependency for acl.so. I know that there has been activity not so long ago to get rid of boost_regex. However the need for more complex property value match specifications is acute.
My GCC 4.6.2 has a <tr1/regex> for compilation but it does not link so that's no good. Are there better alternatives?
An enterprise customer may wish to use:
acl allow dev bind exchange name=Price routingkey=Price.*.*.* queuename=TempQueue*
This is impossible to specify today. With regex processing the same customer could use:
acl allow dev bind exchange name=Price routingkey=Price\..*\..*\..* queuename=TempQueue.*
I'll complete these changes and put the up to Review Board.